Virus:Win32/Expiro.EK!MTB information

Virus:Win32/Expiro.EK!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Virus:Win32/Expiro.EK!MTB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Virus:Win32/Expiro.EK!MTB?


File Info:

name: E10481571AE24613E176.mlw
path: /opt/CAPEv2/storage/binaries/a80b23f68fa5d6f22c6e30f6b9425bd20718d4d5fb5ace105765bc8bd3e8a28b
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2023-04-12 23:25:45

Version Info:

CompanyName: Google LLC
FileDescription: Google Update
FileVersion: 1.3.36.211
InternalName: Google Update
LegalCopyright: Copyright 2018 Google LLC
OriginalFilename: goopdate.dll
ProductName: Google Update
ProductVersion: 1.3.36.211
Translation: 0x0409 0x04b0

Virus:Win32/Expiro.EK!MTB also known as:

Bkav: W32.AIDetectMalware
Lionic: Virus.Win32.Expiro.n!c
DrWeb: Win32.Expiro.158
MicroWorld-eScan: Win32.Expiro.Gen.7
ClamAV: Win.Virus.Expiro-10014075-0
FireEye: Generic.mg.e10481571ae24613
CAT-QuickHeal: W32.Expiro.R3
Skyhigh: BehavesLike.Win32.Sality.jc
ALYac: Win32.Expiro.Gen.7
Cylance: unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Virus ( 005a8b911 )
Alibaba: Virus:Win32/Expiro.bbf71ac2
K7GW: Virus ( 005a8b911 )
CrowdStrike: win/malicious_confidence_100% (W)
Arcabit: Win32.Expiro.Gen.7
BitDefenderTheta: Gen:NN.ZexaF.36608.Pu0@ay2EOLoi
Symantec: W32.Xpiro.J!dam
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Expiro.NDP
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Virus.Win32.Moiva.a
BitDefender: Win32.Expiro.Gen.7
NANO-Antivirus: Virus.Win32.Virut-Gen.bwpxnc
Avast: Win32:Vitro [Inf]
Rising: Trojan.Generic@AI.90 (RDML:dDRUG50Mcw6djdmXtZp1sg)
TACHYON: Virus/W32.Movia
Sophos: W32/Moiva-C
F-Secure: Malware.W32/Infector.Gen
VIPRE: Win32.Expiro.Gen.7
TrendMicro: Virus.Win32.EXPIRO.JMA
Trapmine: malicious.high.ml.score
Emsisoft: Win32.Expiro.Gen.7 (B)
Ikarus: Trojan.Patched
Google: Detected
Avira: W32/Infector.Gen
Antiy-AVL: Virus/Win32.Expiro.x
Kingsoft: malware.kb.a.969
Microsoft: Virus:Win32/Expiro.EK!MTB
ZoneAlarm: Virus.Win32.Moiva.a
GData: Win32.Expiro.Gen.7
Varist: W32/Expiro.AU.gen!Eldorado
AhnLab-V3: Virus/Win.Expiro.X2164
Acronis: suspicious
MAX: malware (ai score=81)
VBA32: Trojan.Sabsik.TE
Malwarebytes: Virus.M0yv
Panda: W32/Moyv.A
Tencent: Virus.Win32.VirMoiva.a
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Expiro.NDP!tr
AVG: Win32:Vitro [Inf]
DeepInstinct: MALICIOUS

How to remove Virus:Win32/Expiro.EK!MTB?

Virus:Win32/Expiro.EK!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
